Here’s what I know so far.
As of 12:33 EST 04/14 and probably sometime before that, some accounts authenticated through OAuth on my app suddenly started getting “This application is not allowed to access or delete your direct messages.” when polling the GET endpoints for direct_messages/sent and direct_messages/show. This behavior was not observed before 6PM EST 04/13.
I haven’t changed any code related to fetching direct messages, and haven’t changed my app’s permissions. It’s always been read, write, and direct messages.
There doesn’t seem to be any rhyme or reason to the affected accounts. Hopefully you guys can figure it out soon!